Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/anahitH/program-partitioning-for-security-enclaves

Behavior based program partitioning for security enclaves
https://github.com/anahitH/program-partitioning-for-security-enclaves

c c-plus-plus intel-sgx llvm sgx-enclave software-security

Last synced: about 20 hours ago
JSON representation

Behavior based program partitioning for security enclaves

Lists

README 

        
# program-partitioning-for-security-enclaves

Behavior based program partitioning for Intel SGX security enclaves. Partitions given program into security sensitive and insensitive partitions based on user annotations. Automatically generates Asylo code to integrate partitioned program with Asylo framework.

Operates in LLVM IR level.



### Dependencies

The following projects need to be built and installed in the system.



1. nlohman json https://github.com/nlohmann/json

2. SVF https://github.com/anahitH/SVF

3. PDG https://github.com/anahitH/program-dependence-graph

4. spdlog https://github.com/gabime/spdlog



For building and installing each of the mentioned projects refer to their github pages.



### Build

mkdir build

cd build

cmake ../

make



Minimum required cmake version is 3.12



### Run



#### Run partitioning



``` opt -load $SVFG_PATH -load $DG_PATH -load $PDG_PATH -load $SELF_PATH $bc -partition-analysis -json-annotations=$annots -outfile=$outfile -partition-stats```



Where ```SVFG_PATH``` is the path where SVF libraries reside. ```PDG_PATH``` is the same for PDG project. ```SELF_PATH``` is the path where program partitioning library files reside. Normally this would be in the ```build``` directory. ```bc``` is the LLVM bitcode of the program to partition and ```annots``` is the json file of user annotations. The statistics of partitioning will be dumped in a file ```partition_stats.json```.



#### Partitioning with optimization

The supported partition optimization methods are:

1. no-opt - no optimization applied

2. ilp - ILP optimization

3. kl - Kernighan-Lin optimization 

4. search-based - optimization based on the static analysis



The default value for optimization is ```no-opt```. In order to optimize the partition set the ```-optimize``` flag of opt. E.g.



``` opt -load $SVFG_PATH -load $DG_PATH -load $PDG_PATH -load $SELF_PATH $bc -partition-analysis -json-annotations=$annots -outfile=$outfile -optimize=[|ilp|kl|search-based] -partition-stats```



### Generating secure and insecure modules from partition

``` opt -load $SVFG_PATH -load $DG_PATH -load $PDG_PATH -load $SELF_PATH $bc -extract-partition -json-annotations=$annots -outfile=$outfile -optimize=[|ilp|kl|search-based] -partition-stats```



Will generate two modules out of two partitions. Will add missing code to have funcional modules, e.g. setter functions for globals used and modified in both partitions.



#### Asylo code generation



``` $BIN_PATH/sgx-code-gen $SRC ```

where ```BIN_PATH``` is where executeable ```sgx-code-gen``` resides. By default it should be in the directory ```build```.

```SRC``` is list of source files the program constsis of. Those are source files in C and not LLVM IR.



The generated files will be:

1. interface_selectors.h

2. ${program_name}\_enclave.cc

3. ${program_name}\_driver.cc



#### To generate Bazel build file for given pprogram



```python scripts/generateBazelBuild.py -enclave $enclave_shared_lib_name -enclave_src $enclave.cc -enclave_lib $secure_partition.o -enclave_hdr $enclave_hdr_files -app $app_name $app_src $driver.cc -app_lib $insecure_partition.o -app_hdr $app_hdrs_files -enclaves $enclaves_name -build-template $BAZEL_build_template```



Bazel build template file is in ```templates/BUILD_template```.